Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1328972

Summary: thermostat webstorage - using /dev/urandom instead of /dev/random
Product: Red Hat Software Collections Reporter: zzambers
Component: thermostat1Assignee: Severin Gehwolf <sgehwolf>
Status: CLOSED ERRATA QA Contact: zzambers
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: thermostat1CC: bgollahe, jorton, sgehwolf
Target Milestone: rc   
Target Release: 2.2   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: thermostat1-thermostat-1.4.4-70.2.el7, thermostat1-thermostat-1.4.4-60.2.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-05-31 10:15:29 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description zzambers 2016-04-20 18:51:41 UTC 
Description of the problem:

When webstorage ( tomcat@thermostat service) is stared, tomcat generates SecureRandom. OpenJDK by default uses /dev/random for that, which is blocking. As a consequence loading of thermostat webstorage can take very long time on systems with entropy shortage (such as VMs). 

I experienced this problem when testing on beaker machines, where generating of SecureRandom often takes 100s of seconds. 


From /var/log/tomcat/thermostat-web-storage.*.log:

Apr 20, 2016 8:55:26 AM org.apache.catalina.util.SessionIdGenerator createSecureRandom
INFO: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [491,578] milliseconds.
INFO - WebStorageEndPoint: Initializing web service
FINEST - WebStorageEndPoint: THERMOSTAT_HOME == /opt/rh/thermostat1/root/usr/share/thermostat
...

In log above you can see it took 491,578 ms (> 8min) . Usually I get about 200,000 ms.

system used was rhel7

with following java -version 
openjdk version "1.8.0_65"
OpenJDK Runtime Environment (build 1.8.0_65-b17)
OpenJDK 64-Bit Server VM (build 25.65-b01, mixed mode)


As you know I have already experienced this issue in the past with thermostatQA (in VM, with external tomcat) , where I workarounded issue by using /dev/urandom instead of /dev/random. It reduces time needed to generate SecureRandom to less than 1s.


Possible Solution:

You could consider adding following parameter to JAVA_OPTS in /etc/sysconfig/tomcat@thermostat to use /dev/urandom instead of /dev/random :
-Djava.security.egd=file:/dev/./urandom
( /./ is intentional [1] [2] )

 
Resources
[1] http://stackoverflow.com/questions/137212/how-to-solve-performance-problem-with-java-securerandom
[2] https://bugs.openjdk.java.net/browse/JDK-6202721
Comment 3 zzambers 2016-05-03 13:20:53 UTC 
parameter to use urandom instead of random is present in new builds, seems working
Comment 5 errata-xmlrpc 2016-05-31 10:15:29 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2016:1152